named running as root
Daniel Wittenberg
daniel-wittenberg at uiowa.edu
Sun Feb 4 22:48:33 UTC 2001
Yup, exactly. But, write access to named files vs write access to the
entire system I figured was a good trade-off for running as another user.
Dan
--
Daniel Wittenberg
University of Iowa - ITS
System Administrator
http://dan.its.uiowa.edu
> From: "Gerald Waugh" <gerald at waugh.com>
> Organization: Posted via Supernews, http://www.supernews.com
> Newsgroups: comp.protocols.dns.bind
> Date: Sun, 4 Feb 2001 12:42:26 -0500
> To: comp-protocols-dns-bind at moderators.isc.org
> Subject: Re: named running as root
>
>
> "Daniel Wittenberg" <daniel-wittenberg at uiowa.edu> wrote in message
> news:95j0si$1tr at pub3.rc.vix.com...
>>
>> I create a bind user and group with no privs, and then do ndc start -u bind
>> -g bind. If you want to be even more cautious look at running it chroot,
>> but that can be tricky on some systems.
>>
> Dan,
> Won't I have to change ownership of all my current db files,
> log files, and ??? files to the bind user and group?
> named has to be able to write files.
> Gerald
>
>
>
More information about the bind-users
mailing list